the haproxy health checks produced the postfix/anvil logs.
After adding the haproxy IP to the "smtpd_client_event_limit_exceptions"
the postfix/anvil logs showed correctly the originating IP of the brute
force attacks.
smtpd_client_event_limit_exceptions = $mynetworks $haproxy
On 05/01/2017 0
plataleas:
>
> the haproxy health checks produced the postfix/anvil logs.
>
> After adding the haproxy IP to the "smtpd_client_event_limit_exceptions"
> the postfix/anvil logs showed correctly the originating IP of the brute
> force attacks.
>
> smtpd_client_event_limit_exceptions = $mynetworks $
Ok,
This is a little bit off topic for the mail list.
Assuming as you say, you don’t spam…
You may be included in a RBL if you reside on a net block that has a spammer on
it.
So while your domain isn’t spamming, if your next door virtual neighbor is…
you’re SOL (Shit Out of Luck) until you
On 5/2/2017 9:51 AM, Michael Segel wrote:
You can run a check on your MX Server… there are a couple of web sites that do
this… and I think one or two will identify the RBLs that include you.
One trick I use a lot when I have an infected machine on a network or a
customer with a problem is that
Just to follow up…
I ran the check on his domain:
https://mxtoolbox.com/domain/netlite.it/
Pretty clean, maybe a few things to fix, but he’s not on any black list.
I don’t know when he set up his domain, it could be that Trend Micro blocked
the IP block due to a previous tenant and never took
On 5/2/2017 10:02 AM, Michael Segel wrote:
Just to follow up…
I ran the check on his domain:
https://mxtoolbox.com/domain/netlite.it/
Pretty clean, maybe a few things to fix, but he’s not on any black list.
I don’t know when he set up his domain, it could be that Trend Micro blocked
the IP blo
Hi everybody, yes, it is the first thing I try; I always use mxtoolbox
before every investigation (for 1 year).
For me the problem is related only to spam activity that my server doesn't
trace, or to something compromised, like a user account.
But on my server there is no trace of spam.
Or it is
As far as I can see, your web site is the target, not your mail server.
I personally use: http://multirbl.valli.org/lookup/netlite.it.html
About the same as mx toolbox, but I did notice that the list of multirbl is
much shorter when the domain name is used.
If I check with this hostname: mail.netlite
Would a spammy email server only trigger one RBL?
While mxtoolbox looks complete, there are more RBLs than on their list. I never
knew Trend Micro had a RBL.
Spamrl.com is one I can't stay off of. They do honor their one week reprieve.
Like I said, I managed to get them removed from servers
On 5/2/2017 10:56 AM, li...@lazygranch.com wrote:
Would a spammy email server only trigger one RBL?
Sure.
Spam is often in the eye of the beholder, people use different feeds,
different policies, purposes, etc.
I wouldn't discount it that it's an issue just because it's only on one
RBL. I
Maybe it's handy to tell us the real domain name and IP involved in this problem?
This is very interesting, thanks, I follow this suggestion.
I was moving the wrong way.
Thanks
On 02/05/2017 16:52, L.P.H. van Belle wrote:
As far as I can see, your web site is the target, not your mail server.
I personally use: http://multirbl.valli.org/lookup/netlite.it.html
About the same as m
I don't find any site compromise, I try to write
to Trend Micro for the third time..
Thanks everybody.
On 02/05/2017 17:03, Matteo Cazzador wrote:
This is very interesting, thanks, I follow this suggestion.
I was moving the wrong way.
Thanks
Il 02/05/2017 16:52, L.P.H. van Belle ha scr
First, honey pots aren’t an issue and spoofing an IP address is fairly easy to
pick up.
As to spam is in the eye of the beholder, if you go back to my questions…
You’ll see that I asked about the OP’s mail list.
Free clue… if you purchased a list of potential customers… you’re a spammer.
If
My point was some prankster and/or whitelist service could spam the honeypot
with your credentials forged. That is a great way for a white list service to
get customers.
Without knowing the setup of the honeypot, it could be spoofed. These RBLs
shoot first and ask questions later.
Anyway,
I know many of us have used the fqrdns.pcre in Postfix's
smtpd_client_restrictions for many years to help block "low hanging" spam.
Long ago, after the project was abandoned by Stan H, I adopted it and moved
it to GitHub:
https://github.com/stevejenkins/hardwarefreak.com-fqrdns.pcre
One of Stan's
I got what you were saying.
What you’re talking about is known as a Joe Job.
And it’s harder to do because it’s easier to spot fake headers these days.
So while it’s possible, it’s highly improbable and if it were done, it wouldn’t
be on a single RBL.
As to RBL services… yes, over time, some get
Hi,
I am curious about being able to send email to both Dovecot for the end user’s
mail box and then also on to a stream where one can do some analytics?
Or chain the streams so that you can do analytics on both in-bound and
out-bound and then deliver it?
I know that it can be done (theoret
From the wiki:
"Joe job victims may lose website hosting or network connectivity due to
complaints to their Internet service providers, and even face increased
bandwidth costs (or server overload) due to increased website traffic. The
victim may also find his or her email blacklisted by spam fi
Hello,
I'm running a Postfix 3.1 setup with Dovecot 2.29 and Mysql 5.7. I am
trying to track down an elusive problem. Previously I had my
virtual_transport set to dovecot with a dovecot service in master.cf.
I then enabled the lmtp service which uses a socket
/var/spool/postfix/private/dovecot-lmt
> On May 2, 2017, at 6:17 PM, David Mehler wrote:
>
> I keep getting the error in the logs to many connections to the mysql
> database and stuff is deferred.
>
> Any ideas?
Nothing specific, while you remain reticent about sharing the actual log
entries and your server configuration. Generall
Michael Segel:
> Hi,
>
> I am curious about being able to send email to both Dovecot for
> the end user's mail box and then also on to a stream where one can
> do some analytics? Or chain the streams so that you can do analytics
> on both in-bound and out-bound and then deliver it?
>
> I know t
Hi,
I'm not sure what to send. I've temporarily solved the problem by
increasing the mysql max_connections setting from 256 to 300 and
it started working. Something is using up mysql processes when the lmtp
socket is used.
Dave.
On 5/2/17, Viktor Dukhovni wrote:
>
>> On May 2, 2017, at 6:17 PM, D